漏洞 - 第964页-OStack程序员社区-中国程序员成长平台

OStack程序员社区-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-0340

In parseNextBox of IsoInterface.java, there is a possible leak of unredacted location information due to improper input validation. This could lead to remote information disclosure with no additional ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：56 | 回复：0
CVE漏洞

CVE-2021-0339

In loadAnimation of WindowContainer.java, there is a possible way to keep displaying a malicious app while a target app is brought to the foreground. This could lead to local escalation of privilege w ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：39 | 回复：0
CVE漏洞

CVE-2021-0338

In SystemSettingsValidators, there is a possible permanent denial of service due to missing bounds checks on UI settings. This could lead to local denial of service with User execution privileges need ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：34 | 回复：0
CVE漏洞

CVE-2021-0337

In moveInMediaStore of FileSystemProvider.java, there is a possible file exposure due to stale metadata. This could lead to local escalation of privilege with User execution privileges needed. User in ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：34 | 回复：0
CVE漏洞

CVE-2021-0336

In onReceive of BluetoothPermissionRequest.java, there is a possible permissions bypass due to a mutable PendingIntent. This could lead to local escalation of privilege that bypasses a permission chec ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-0335

In process of C2SoftHevcDec.cpp, there is a possible out of bounds write due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-0334

In onTargetSelected of ResolverActivity.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-0333

In onCreate of BluetoothPermissionActivity.java, there is a possible permissions bypass due to a tapjacking overlay that obscures the phonebook permissions dialog when a Bluetooth device is connecting ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：41 | 回复：0
CVE漏洞

CVE-2021-0332

In bootFinished of SurfaceFlinger.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with User execution privileges needed. User inter ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-0331

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible overlay attack due to an insecure default value. This could lead to local escalation of privilege and notification acces ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：42 | 回复：0
CVE漏洞

CVE-2021-0330

In add_user_ce and remove_user_ce of storaged.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in storaged with no additional execution ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：37 | 回复：0
CVE漏洞

CVE-2021-0329

In several native functions called by AdvertiseManager.java, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the Bluetooth se ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：42 | 回复：0
CVE漏洞

CVE-2021-0328

In onBatchScanReports and deliverBatchScan of GattService.java, there is a possible way to retrieve Bluetooth scan results without permissions due to a missing permission check. This could lead to loc ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：38 | 回复：0
CVE漏洞

CVE-2021-0327

In getContentProviderImpl of ActivityManagerService.java, there is a possible permission bypass due to non-restored binder identities. This could lead to local escalation of privilege with no addition ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：33 | 回复：0
CVE漏洞

CVE-2021-0326

In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct sear ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：33 | 回复：0
CVE漏洞

CVE-2021-0325

In ih264d_parse_pslice of ih264d_parse_pslice.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：35 | 回复：0
CVE漏洞

CVE-2021-0314

In onCreate of UninstallerActivity, there is a possible way to uninstall an all without informed user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-0305

In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges ne ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-0302

In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges ne ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：40 | 回复：0
CVE漏洞

CVE-2020-5023

IBM Spectrum Protect Plus 10.1.0 through 10.1.7 could allow a remote user to inject arbitrary data iwhich could cause the serivce to crash due to excess resource consumption. IBM X-Force ID: 193659.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：33 | 回复：0
CVE漏洞

CVE-2020-13546

In SoftMaker Software GmbH SoftMaker Office TextMaker 2021 (revision 1014), a specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon us ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：44 | 回复：0
CVE漏洞

CVE-2021-27135

xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：36 | 回复：0
CVE漏洞

CVE-2020-24838

An integer overflow has been found in the the latest version of Issuer. The total issuedCount can be zero if the parameter is overly large. An attacker can obtain the private key of the owner issued w ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：31 | 回复：0
CVE漏洞

CVE-2020-24837

An integer underflow has been found in the latest version of ZCFees. The variables 'currPeriodIdx' and 'lastPeriodExecIdx' are both unsigned integers, and the result of the minus opera ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：37 | 回复：0
CVE漏洞

CVE-2020-29171

Cross-site scripting (XSS) vulnerability in admin/wp-security-blacklist-menu.php in the Tips and Tricks HQ All In One WP Security Firewall (all-in-one-wp-security-and-firewall) plugin before 4.4.6 fo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-23881

A stored cross site scripting vulnerability in ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 February 2021 Update allows an ENS ePO administrator to add a script to a policy event wh ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：46 | 回复：0
CVE漏洞

CVE-2021-23876

Bypass Remote Procedure call in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file modification as the SYSTEM user potentially ca ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：38 | 回复：0
CVE漏洞

CVE-2021-23874

Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-23873

Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file deletion as the SYSTEM user potentially ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-23883

A Null Pointer Dereference vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local administrator to cause Windows to crash via a specific system ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：42 | 回复：0
CVE漏洞

CVE-2021-23882

Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows local administrators to prevent the installation of some ENS files by pl ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：47 | 回复：0
CVE漏洞

CVE-2021-23880

Improper Access Control in attribute in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows authenticated local administrator user to perform an uninstallation of th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：40 | 回复：0
CVE漏洞

CVE-2021-23878

Clear text storage of sensitive Information in memory vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local user to view ENS settings and cred ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-20654

Wekan, open source kanban board system, between version 3.12 and 4.11, is vulnerable to multiple stored cross-site scripting. This is named 'Fieldbleed' in the vendor's site.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：35 | 回复：0
CVE漏洞

CVE-2020-36244

The daemon in GENIVI diagnostic log and trace (DLT), is vulnerable to a heap-based buffer overflow that could allow an attacker to remotely execute arbitrary code on the DLT-Daemon (versions prior to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：29 | 回复：0
CVE漏洞

CVE-2020-28871

Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：30 | 回复：0
CVE漏洞

CVE-2020-28870

In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code on the server side due to lack of validations in /modules/sys/form_personalization/json_fp.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-26959

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-21299. Reason: This candidate is a duplicate of CVE-2021-21299. Notes: All CVE users should reference CVE-2021-21299 instead of this ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-26958

An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because transmutation to the wrong type can happen after xcb::base::cast_event uses std::mem::transmu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-26957

An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because there is an out-of-bounds read in xcb::xproto::change_property(), as demonstrated by a format ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：25 | 回复：0